Logging AWS Health API Calls with AWS CloudTrail

AWS Health is integrated with CloudTrail, a service that captures all of the AWS Health
API
calls and delivers the log files to an Amazon S3 bucket that you specify. CloudTrail
captures API calls
from the Personal Health Dashboard or from your code to the AWS Health APIs. Using
the information collected by
CloudTrail, you can determine the request that was made to AWS Health, the source
IP address of
the request, who made the request, when it was made, and so on.

AWS Health Information in CloudTrail

When CloudTrail logging is enabled in your AWS account, API calls to AWS Health are
tracked in CloudTrail log files, along with other AWS service records. CloudTrail
determines when
to create and write to a new file based on a time period and file size.

All AWS Health actions exceptDescribeEventAggregates are logged by CloudTrail and are documented in the
AWS Health API Reference. For example, calls to the
DescribeEvents, DescribeEventDetails, and DescribeAffectedEntities
actions generate entries in the CloudTrail log files.

Every log entry contains information about who generated the request. The identity
information in the log entry helps you determine the following:

Whether the request was made with root or IAM credentials

Whether the request was made with temporary security credentials for a role or
federated user

You can store your log files in your Amazon S3 bucket for as long as you want. You
can also
define Amazon S3 lifecycle rules to archive or delete log files automatically. By
default,
your log files are encrypted with Amazon S3 server-side encryption (SSE).

Understanding AWS Health Log File
Entries

CloudTrail log files can contain one or more log entries. Each entry lists multiple
JSON-formatted events. A log entry represents a single request from any source and
includes
information about the requested action, the date and time of the action, request parameters,
and so on. Log entries are not an ordered stack trace of the public API calls, so
they do not
appear in any specific order.